add dubbo consumer invoke track

Author: lostsnow

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java

@@ -4,8 +4,7 @@
 
 import java.lang.dongtai.SpyDispatcher;
 import java.lang.dongtai.SpyDispatcherHandler;
-import java.util.Collection;
-import java.util.Enumeration;
+import java.util.*;
 
 /**
  * 常用的ASM method 集合 省得我到处声明
@@ -209,6 +208,19 @@ static Method getAsmMethod(final Class<?> clazz,
             String.class
     );
 
+    Method SPY$traceDubboInvoke = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "traceDubboInvoke",
+            Object.class,
+            String.class,
+            Object.class,
+            Object[].class,
+            Map.class,
+            String.class,
+            String.class,
+            String.class
+    );
+
     Method SPY$reportService = InnerHelper.getAsmMethod(
             SpyDispatcher.class,
             "reportService",

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/PluginRegister.java

@@ -3,6 +3,7 @@
 import io.dongtai.iast.core.bytecode.enhance.ClassContext;
 import io.dongtai.iast.core.bytecode.enhance.plugin.authentication.shiro.DispatchShiro;
 import io.dongtai.iast.core.bytecode.enhance.plugin.core.DispatchClassPlugin;
+import io.dongtai.iast.core.bytecode.enhance.plugin.framework.dubbo.DispatchDubbo;
 import io.dongtai.iast.core.bytecode.enhance.plugin.framework.feign.DispatchFeign;
 import io.dongtai.iast.core.bytecode.enhance.plugin.framework.j2ee.dispatch.DispatchJ2ee;
 import io.dongtai.iast.core.bytecode.enhance.plugin.hardcoded.DispatchHardcodedPlugin;
@@ -34,6 +35,7 @@ public PluginRegister() {
         this.plugins.add(new DispatchJdbc());
         this.plugins.add(new DispatchShiro());
         this.plugins.add(new DispatchFeign());
+        this.plugins.add(new DispatchDubbo());
 
         this.plugins.add(new DispatchClassPlugin());
     }

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/dubbo/DispatchDubbo.java

@@ -0,0 +1,21 @@
+package io.dongtai.iast.core.bytecode.enhance.plugin.framework.dubbo;
+
+import io.dongtai.iast.core.bytecode.enhance.ClassContext;
+import io.dongtai.iast.core.bytecode.enhance.plugin.DispatchPlugin;
+import io.dongtai.iast.core.handler.hookpoint.models.policy.Policy;
+import org.objectweb.asm.ClassVisitor;
+
+public class DispatchDubbo implements DispatchPlugin {
+    public static final String LEGACY_DUBBO_SYNC_HANDLER = " com.alibaba.dubbo.rpc.listener.ListenerInvokerWrapper".substring(1);
+
+    @Override
+    public ClassVisitor dispatch(ClassVisitor classVisitor, ClassContext context, Policy policy) {
+        String className = context.getClassName();
+
+        if (LEGACY_DUBBO_SYNC_HANDLER.equals(className)) {
+            classVisitor = new LegacyDubboSyncHandlerAdapter(classVisitor, context);
+        }
+
+        return classVisitor;
+    }
+}

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/dubbo/LegacyDubboSyncHandlerAdapter.java

@@ -0,0 +1,29 @@
+package io.dongtai.iast.core.bytecode.enhance.plugin.framework.dubbo;
+
+import io.dongtai.iast.core.bytecode.enhance.ClassContext;
+import io.dongtai.iast.core.bytecode.enhance.plugin.AbstractClassVisitor;
+import io.dongtai.iast.core.utils.AsmUtils;
+import io.dongtai.log.DongTaiLog;
+import org.objectweb.asm.ClassVisitor;
+import org.objectweb.asm.MethodVisitor;
+
+public class LegacyDubboSyncHandlerAdapter extends AbstractClassVisitor {
+    private static final String LEGACY_DUBBO_SYNC_HANDLER_INVOKE = " com.alibaba.dubbo.rpc.listener.ListenerInvokerWrapper.invoke(com.alibaba.dubbo.rpc.Invocation)".substring(1);
+
+    public LegacyDubboSyncHandlerAdapter(ClassVisitor classVisitor, ClassContext context) {
+        super(classVisitor, context);
+    }
+
+    @Override
+    public MethodVisitor visitMethod(final int access, final String name, final String desc, final String signature, final String[] exceptions) {
+        MethodVisitor mv = super.visitMethod(access, name, desc, signature, exceptions);
+        String signCode = AsmUtils.buildSignature(context.getClassName(), name, desc);
+
+        if (LEGACY_DUBBO_SYNC_HANDLER_INVOKE.equals(signCode)) {
+            DongTaiLog.debug("Adding dubbo tracking by {}", signCode);
+            mv = new LegacyDubboSyncHandlerInvokeAdviceAdapter(mv, access, name, desc, signCode, this.context);
+            setTransformed();
+        }
+        return mv;
+    }
+}

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/dubbo/LegacyDubboSyncHandlerInvokeAdviceAdapter.java

@@ -0,0 +1,111 @@
+package io.dongtai.iast.core.bytecode.enhance.plugin.framework.dubbo;
+
+import io.dongtai.iast.core.bytecode.enhance.ClassContext;
+import io.dongtai.iast.core.bytecode.enhance.plugin.AbstractAdviceAdapter;
+import org.objectweb.asm.*;
+import org.objectweb.asm.commons.Method;
+
+public class LegacyDubboSyncHandlerInvokeAdviceAdapter extends AbstractAdviceAdapter {
+    private static final Method GET_URL_METHOD = Method.getMethod(" com.alibaba.dubbo.common.URL getUrl()".substring(1));
+    private static final Method GET_ARGUMENTS_METHOD = Method.getMethod("java.lang.Object[] getArguments()");
+    private static final Method GET_GETATTACHMENTS_METHOD = Method.getMethod("java.util.Map getAttachments()");
+    private static final Method URL_TO_STRING_METHOD = Method.getMethod("java.lang.String toString()");
+
+    private Label exHandler;
+    private final Type handlerType;
+    private final Type urlType;
+    private final Type invocationType;
+
+    protected LegacyDubboSyncHandlerInvokeAdviceAdapter(MethodVisitor mv, int access, String name, String desc, String signature, ClassContext context) {
+        super(mv, access, name, desc, context, "dubbo", signature);
+        this.handlerType = Type.getObjectType(" com/alibaba/dubbo/rpc/listener/ListenerInvokerWrapper".substring(1));
+        this.invocationType = Type.getObjectType(" com/alibaba/dubbo/rpc/Invocation".substring(1));
+        this.urlType = Type.getObjectType(" com/alibaba/dubbo/common/URL".substring(1));
+    }
+
+    @Override
+    protected void onMethodEnter() {
+        this.tryLabel = new Label();
+        visitLabel(this.tryLabel);
+        enterMethod();
+        this.catchLabel = new Label();
+        this.exHandler = new Label();
+    }
+
+    @Override
+    protected void onMethodExit(int opcode) {
+        leaveMethod(opcode);
+    }
+
+    @Override
+    protected void before() {
+    }
+
+    @Override
+    protected void after(int opcode) {
+    }
+
+    @Override
+    public void visitMaxs(int maxStack, int maxLocals) {
+        visitLabel(this.catchLabel);
+        visitLabel(this.exHandler);
+        leaveMethod(ATHROW);
+        throwException();
+        visitTryCatchBlock(this.tryLabel, this.catchLabel, this.exHandler, ASM_TYPE_THROWABLE.getInternalName());
+        super.visitMaxsNew(maxStack, maxLocals);
+    }
+
+    private void enterMethod() {
+        enterScope();
+
+        Label elseLabel = new Label();
+        Label endLabel = new Label();
+
+        isFirstScope();
+        mv.visitJumpInsn(Opcodes.IFEQ, elseLabel);
+
+        traceMethod();
+
+        mark(elseLabel);
+        mark(endLabel);
+    }
+
+    private void leaveMethod(int opcode) {
+        leaveScope();
+    }
+
+    private void enterScope() {
+        invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);
+        push(false);
+        invokeInterface(ASM_TYPE_SPY_DISPATCHER, SPY$enterPropagator);
+    }
+
+    private void leaveScope() {
+        invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);
+        push(false);
+        invokeInterface(ASM_TYPE_SPY_DISPATCHER, SPY$leavePropagator);
+    }
+
+    private void isFirstScope() {
+        invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);
+        invokeInterface(ASM_TYPE_SPY_DISPATCHER, SPY$isFirstLevelPropagator);
+    }
+
+    private void traceMethod() {
+        invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);
+        loadThisOrPushNullIfIsStatic();
+        dup();
+        invokeVirtual(this.handlerType, GET_URL_METHOD);
+        invokeVirtual(this.urlType, URL_TO_STRING_METHOD);
+        loadArg(0);
+        loadArg(0);
+        invokeInterface(this.invocationType, GET_ARGUMENTS_METHOD);
+        loadArg(0);
+        invokeInterface(this.invocationType, GET_GETATTACHMENTS_METHOD);
+        push(this.classContext.getClassName());
+        push(this.name);
+        push(this.signature);
+        invokeInterface(ASM_TYPE_SPY_DISPATCHER, SPY$traceDubboInvoke);
+        pop();
+    }
+}

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/feign/DispatchFeign.java

@@ -6,7 +6,7 @@
 import org.objectweb.asm.ClassVisitor;
 
 public class DispatchFeign implements DispatchPlugin {
-    private static final String FEIGN_SYNC_HANDLER = "feign.SynchronousMethodHandler";
+    public static final String FEIGN_SYNC_HANDLER = "feign.SynchronousMethodHandler";
 
     @Override
     public ClassVisitor dispatch(ClassVisitor classVisitor, ClassContext context, Policy policy) {

dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java

@@ -11,6 +11,7 @@
 import io.dongtai.iast.core.handler.hookpoint.graphy.GraphBuilder;
 import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent;
 import io.dongtai.iast.core.handler.hookpoint.models.policy.*;
+import io.dongtai.iast.core.handler.hookpoint.service.trace.DubboService;
 import io.dongtai.iast.core.handler.hookpoint.service.trace.FeignService;
 import io.dongtai.iast.core.utils.StringUtils;
 import io.dongtai.log.DongTaiLog;
@@ -535,6 +536,28 @@ public boolean traceFeignInvoke(Object instance, Object[] parameters,
         return false;
     }
 
+    @Override
+    public boolean traceDubboInvoke(Object instance, String url, Object invocation, Object[] arguments,
+                                    Map<String, String> headers, String className, String methodName,
+                                    String signature) {
+        try {
+            ScopeManager.SCOPE_TRACKER.getPolicyScope().enterAgent();
+            if (!isCollectAllowed(false)) {
+                return false;
+            }
+
+            MethodEvent event = new MethodEvent(className, className, methodName,
+                    signature, instance, arguments, null);
+
+            DubboService.solveSyncInvoke(event, invocation, url, headers, INVOKE_ID_SEQUENCER);
+        } catch (Throwable e) {
+            DongTaiLog.error(ErrorCode.SPY_TRACE_DUBBO_INVOKE_FAILED, e);
+        } finally {
+            ScopeManager.SCOPE_TRACKER.getPolicyScope().leaveAgent();
+        }
+        return false;
+    }
+
     @SuppressWarnings("unchecked")
     private boolean isCollectAllowed(boolean isEnterEntry) {
         if (!EngineManager.isEngineRunning()) {

dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java

@@ -4,12 +4,12 @@
 import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent;
 import io.dongtai.iast.core.handler.hookpoint.models.policy.SourceNode;
 import io.dongtai.iast.core.handler.hookpoint.models.policy.TaintPosition;
-import io.dongtai.iast.core.handler.hookpoint.models.taint.range.*;
+import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRangesBuilder;
 import io.dongtai.iast.core.utils.StackUtils;
 import io.dongtai.iast.core.utils.TaintPoolUtils;
 
-import java.lang.reflect.Array;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Set;
 import java.util.concurrent.atomic.AtomicInteger;
 
 /**
@@ -81,99 +81,12 @@ private static boolean trackTarget(MethodEvent event, SourceNode sourceNode) {
             return false;
         }
 
-        trackObject(event, sourceNode, event.returnInstance, 0);
+        TaintPoolUtils.trackObject(event, sourceNode, event.returnInstance, 0);
         // @TODO: hook json serializer for custom model
         handlerCustomModel(event, sourceNode);
         return true;
     }
 
-    private static void trackObject(MethodEvent event, SourceNode sourceNode, Object obj, int depth) {
-        if (depth >= 10 || !TaintPoolUtils.isNotEmpty(obj) || !TaintPoolUtils.isAllowTaintType(obj)) {
-            return;
-        }
-
-        int hash = System.identityHashCode(obj);
-        if (EngineManager.TAINT_HASH_CODES.contains(hash)) {
-            return;
-        }
-
-        Class<?> cls = obj.getClass();
-        if (cls.isArray() && !cls.getComponentType().isPrimitive()) {
-            trackArray(event, sourceNode, obj, depth);
-        } else if (obj instanceof Iterator && !(obj instanceof Enumeration)) {
-            trackIterator(event, sourceNode, (Iterator<?>) obj, depth);
-        } else if (obj instanceof Map) {
-            trackMap(event, sourceNode, (Map<?, ?>) obj, depth);
-        } else if (obj instanceof Map.Entry) {
-            trackMapEntry(event, sourceNode, (Map.Entry<?, ?>) obj, depth);
-        } else if (obj instanceof Collection) {
-            if (obj instanceof List) {
-                trackList(event, sourceNode, (List<?>) obj, depth);
-            } else {
-                trackIterator(event, sourceNode, ((Collection<?>) obj).iterator(), depth);
-            }
-        } else if ("java.util.Optional".equals(obj.getClass().getName())) {
-            trackOptional(event, sourceNode, obj, depth);
-        } else {
-            int len = TaintRangesBuilder.getLength(obj);
-            if (len == 0) {
-                return;
-            }
-
-            TaintRanges tr = new TaintRanges(new TaintRange(0, len));
-            if (sourceNode.hasTags()) {
-                String[] tags = sourceNode.getTags();
-                for (String tag : tags) {
-                    tr.add(new TaintRange(tag, 0, len));
-                }
-            }
-            event.targetRanges.add(new MethodEvent.MethodEventTargetRange(hash, tr));
-
-            EngineManager.TAINT_HASH_CODES.add(hash);
-            event.addTargetHash(hash);
-            EngineManager.TAINT_RANGES_POOL.add(hash, tr);
-        }
-    }
-
-    private static void trackArray(MethodEvent event, SourceNode sourceNode, Object arr, int depth) {
-        int length = Array.getLength(arr);
-        for (int i = 0; i < length; i++) {
-            trackObject(event, sourceNode, Array.get(arr, i), depth + 1);
-        }
-    }
-
-    private static void trackIterator(MethodEvent event, SourceNode sourceNode, Iterator<?> it, int depth) {
-        while (it.hasNext()) {
-            trackObject(event, sourceNode, it.next(), depth + 1);
-        }
-    }
-
-    private static void trackMap(MethodEvent event, SourceNode sourceNode, Map<?, ?> map, int depth) {
-        for (Object key : map.keySet()) {
-            trackObject(event, sourceNode, key, depth + 1);
-            trackObject(event, sourceNode, map.get(key), depth + 1);
-        }
-    }
-
-    private static void trackMapEntry(MethodEvent event, SourceNode sourceNode, Map.Entry<?, ?> entry, int depth) {
-        trackObject(event, sourceNode, entry.getKey(), depth + 1);
-        trackObject(event, sourceNode, entry.getValue(), depth + 1);
-    }
-
-    private static void trackList(MethodEvent event, SourceNode sourceNode, List<?> list, int depth) {
-        for (Object obj : list) {
-            trackObject(event, sourceNode, obj, depth + 1);
-        }
-    }
-
-    private static void trackOptional(MethodEvent event, SourceNode sourceNode, Object obj, int depth) {
-        try {
-            Object v = ((Optional<?>) obj).orElse(null);
-            trackObject(event, sourceNode, v, depth + 1);
-        } catch (Throwable ignore) {
-        }
-    }
-
     /**
      * todo: 处理过程和结果需要细化
      *
@@ -183,7 +96,7 @@ public static void handlerCustomModel(MethodEvent event, SourceNode sourceNode)
         if (!"getSession".equals(event.getMethodName())) {
             Set<Object> modelValues = TaintPoolUtils.parseCustomModel(event.returnInstance);
             for (Object modelValue : modelValues) {
-                trackObject(event, sourceNode, modelValue, 0);
+                TaintPoolUtils.trackObject(event, sourceNode, modelValue, 0);
             }
         }
     }

dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyManager.java

@@ -1,5 +1,7 @@
 package io.dongtai.iast.core.handler.hookpoint.models.policy;
 
+import io.dongtai.iast.core.bytecode.enhance.plugin.framework.dubbo.DispatchDubbo;
+import io.dongtai.iast.core.bytecode.enhance.plugin.framework.feign.DispatchFeign;
 import io.dongtai.iast.core.bytecode.enhance.plugin.framework.j2ee.dispatch.DispatchJ2ee;
 import io.dongtai.iast.core.utils.StringUtils;
 import io.dongtai.log.DongTaiLog;
@@ -27,7 +29,8 @@ public class PolicyManager {
             " org.springframework.web.servlet.FrameworkServlet".substring(1),
             " javax.servlet.http.Cookie".substring(1),
             " org/springframework/web/servlet/mvc/annotation/AnnotationMethodHandlerAdapter$ServletHandlerMethodInvoker".substring(1),
-            " feign.SynchronousMethodHandler.invoke".substring(1)
+            DispatchFeign.FEIGN_SYNC_HANDLER,
+            DispatchDubbo.LEGACY_DUBBO_SYNC_HANDLER
     ));
     private static final Set<String> HOOK_CLASS_SUFFIX_NAMES = new HashSet<String>(Collections.singletonList(
             ".dubbo.monitor.support.MonitorFilter"